Holes found in Linux Ubuntu kernel

Summary:Almost 40 vulnerabilities have been discovered in the kernel of Linux Ubuntu 10.04, also known as Lucid Lynx, which is a long-term support version of the operating system.

Almost 40 vulnerabilities have been discovered in the kernel of Linux Ubuntu 10.04, also known as Lucid Lynx, which is a long-term support version of the operating system.

The holes, which allow remote and local exploits, also apply to corresponding versions of Kubuntu, Edubuntu and Xubuntu. The vulnerabilities include an issue with the way the Common Internet File System validates Internet Control Message Protocol (ICMP) response packets. The issue allows an attacker to send denial-of-service crafted packets. In addition, a hole in the Network File System v4 (NFSv4) bungles certain write requests allowing malicious users to craft traffic to gain root privileges.

"If you block ICMP you will get UDP (User Datagram Protocol) trouble because it does not have reliability built into it. You will get ICMP messages back," Securus Global researcher Declan Ingram said. "Being able to cause a kernel panic with an ICMP unreachable message is bad."

For more on this story, read Ubuntu peppered with holes on ZDNet Australia.

Topics: Software, Browser, Linux, Open Source, Operating Systems, Security

About

Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.